announce

Messages by Thread

CVE-2024-23590: Apache Kylin: Session fixation in web interface Li Yang
[ANNOUNCE] Apache Airflow Providers prepared on October 27, 2024 are released Elad Kalif
[ANNOUNCE] Apache Pulsar Helm Chart version 3.7.0 Released with support for Pulsar 4.0.0 Lari Hotari
CVE-2024-43383: Apache Lucene.Net.Replicator: Remote Code Execution in Lucene.Net.Replicator Paul Irwin
[ANNOUNCE] Apache Traffic Server 10.0.1 has been released Chris McFarlen
[ANNOUNCE] Apache Kafka 3.8.1 Josep Prat
[ANNOUNCEMENT] HttpComponents Client 5.4.1 GA Released Oleg Kalnichevski
CVE-2024-45477: Apache NiFi: Improper Neutralization of Input in Parameter Description David Handermann
[ANNOUNCE] Apache bRPC 1.11.0 released Xiguo Hu
[ANNOUNCE] Apache Kyuubi v1.10.0 is available Bowen Liang
[ANNOUNCE] Apache NiFi 1.28 Released Ferenc Kis
[ANNOUNCE] Apache Pekko Persistence DynamoDB 1.1.0 released PJ Fanning
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.4.0 released David Jensen
[ANNOUNCE] Apache Camel 4.8.1 (LTS) Released Gregor Zurowski
CVE-2024-45031: Apache Syncope: Stored XSS in Console and Enduser Francesco Chicchiriccò
[ANN] Apache Syncope 3.0.9 Francesco Chicchiriccò
[ANNOUNCE] Release Apache InLong 2.0.0 Aloys Zhang
[ANNOUNCEMENT] HttpComponents Core 5.3.1 GA released Oleg Kalnichevski
[ANNOUNCE] Release Apache OpenDAL v0.50.1 Xuanwo
[ANNOUNCE] Apache CouchDB 3.4.2 released Jan Lehnardt
[ANNOUNCE] Apache Pulsar 4.0.0 released Lari Hotari
[ANNOUNCE] Apache Velocity Engine 2.4.1 released Claude Brisson
[ANNOUNCE] Apache Camel 4.4.4 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache log4net 3.0.2 released Jan Friedrich
[ANNOUNCEMENT] Apache SkyWalking Rover 0.7.0 Released han liu
[ANNOUNCEMENT] Apache SkyWalking CLI 0.14.0 Released han liu
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.8 Chris Bono
[ANNOUNCE] Apache Tika 3.0.0 released Tim Allison
[ANNOUNCE] Apache HBase 2.6.1 is now available for download Nick Dimiduk
[ANNOUNCE] Apache APISIX 3.11.0 has been released. Abhishek Choudhary
[ANNOUNCE] Apache Storm 2.7.0 Released Rui Abreu
[Announce] Beam 2.60.0 Released Yi Hu
[ANN] Apache Struts 6.6.1 Lukasz Lenart
[ANNOUNCE] Apache log4cxx 1.3.0 released Stephen Webb
Re: [ANNOUNCE] Release Apache SeaTunnel 2.3.8 Jia Fan
CVE-2024-45216: Apache Solr: Authentication bypass possible using a fake URL Path ending Houston Putman
CVE-2024-45217: Apache Solr: ConfigSets created during a backup restore command are trusted implicitly Houston Putman
[ADVISORY] Apache CloudStack LTS Security Releases 4.18.2.4 and 4.19.1.2 Guto Veronezi
[ANNOUNCE] Apache Calcite 1.38.0 released Julian Hyde
CVE-2024-45693: Apache CloudStack: Request origin validation bypass makes account takeover possible Daniel Augusto Veronezi Salvador
CVE-2024-45462: Apache CloudStack: Incomplete session invalidation on web interface logout Daniel Augusto Veronezi Salvador
CVE-2024-45461: Apache CloudStack Quota plugin: Access checks not enforced in Quota Daniel Augusto Veronezi Salvador
CVE-2024-45219: Apache CloudStack: Uploaded and registered templates and volumes can be used to abuse KVM-based infrastructure Daniel Augusto Veronezi Salvador
[ANNOUNCE] Apache Pulsar Helm Chart version 3.6.0 Released Lari Hotari
[ANNOUNCE] Apache MINA 2.1.9 and 2.0.26 released Emmanuel Lecharny
[ANNOUNCE] Apache Pekko Management 1.1.0 released PJ Fanning
CVE-2023-50780: Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans Justin Bertram
[ANNOUNCE] Apache Lucene 10.0.0 released Luca Cavanna
[ANNOUNCE] Apache Airflow Providers prepared on October 10, 2024 are released Elad Kalif
[ANN] Apache TomEE 10.0.0-M3 Richard Zowalla
[ANNOUNCE] Apache Curator 5.7.1 released Kezhu Wang
[ANNOUNCE] Apache Jackrabbit 2.23.1-beta released Julian Reschke
CVE-2024-46911: Apache Roller: Weakness in CSRF protection allows privilege escalation David M. Johnson
[ANNOUNCE] Apache Pekko gRPC 1.1.0 released PJ Fanning
[ANN] Apache Tomcat 11.0.0 Available Mark Thomas
CVE-2024-28168: Apache XML Graphics FOP: XML External Entity (XXE) Processing Simon Steiner
[ANNOUNCE] Apache Pekko (Core) 1.1.2 released PJ Fanning
[ANN] Apache Tomcat 9.0.96 available Rémy Maucherat
[ANNOUNCE] Hive 3.x EOL Ayush Saxena
[ANNOUNCE] Release Apache Fury(incubating) Serialization 0.8.0 Shawn Yang
[ANNOUNCE] Release Apache Kvrocks 2.10.0 hulk
[ANNOUNCE] Apache Pulsar 3.3.2 released with important security fix for CVE-2024-47561 Lari Hotari
[ANNOUNCE] Apache Pulsar 3.0.7 released with important security fix for CVE-2024-47561 Lari Hotari
[ANNOUNCE] Release Apache Traffic Control 8.0.2 R S
[ANNOUNCE] Apache Qpid JMS 2.6.1 released Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.12.1 released Robbie Gemmell
CVE-2024-47554: Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader Gary D. Gregory
CVE-2024-47561: Apache Avro Java SDK: Arbitrary Code Execution when reading Avro Data (Java SDK) Martin Tzvetanov Grigorov
[ANNOUNCE] Apache Pekko Connectors Kafka 1.1.0 released PJ Fanning
[ANNOUNCE] Apache Pekko HTTP 1.1.0 released PJ Fanning
[ANNOUNCE] Apache Hive 4.0.1 Released Zhihua Deng
[ANN] Apache ActiveMQ 5.18.6 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Airflow Providers prepared on September 27, 2024 are released Elad Kalif
[ANNOUNCE] Apache Jackrabbit Oak 1.70.0 released Julian Reschke
[ANNOUNCE] Apache ManifoldCF 2.27 released Piergiorgio Lucidi
[ANNOUNCE] Apache Log4j `2.24.1`released Piotr P. Karwasz
[ANNOUNCE] Apache Daffodil 3.9.0 Released Steve Lawrence
[ANNOUNCE] Apache Pulsar Go Client 0.14.0 released Zike Yang
CVE-2024-45772: Apache Lucene Replicator: Security Vulnerability in Lucene Replicator - Deserialization Issue Robert Muir
[ANNOUNCE] Apache Lucene 9.12.0 released Chris Hegarty
[ANNOUNCE] Apache SkyWalking BanyanDB Java Client 0.7.0 released Kai Wan
[ANNOUNCE] Apache log4net 3.0.1 released Jan Friedrich
[ANNOUNCE] Apache CouchDB 3.4.1 released Jan Lehnardt
[ANNOUNCE] Apache Ratis 3.1.1 Release Xinyu Tan
CVE-2024-47197: Maven Archetype Plugin: Maven Archetype integration-test may package local settings into the published artifact, possibly containing credentials Slawomir Jaranowski
[ANNOUNCE] Apache ServiceComb Java Chassis version 3.2.2 Released liubao
ANNOUNCE] Apache Spark 3.5.3 released Kent Yao
[SECURITY] CVE-2024-46544 Apache mod_jk - Information Disclosure / Denial of Service Mark Thomas
[ANNOUNCE] Apache NiFi NAR Maven Plugin 2.1.0 Released David Handermann
[ANNOUNCE] Apache Commons CSV Version 1.12.0 Gary Gregory
[ANNOUNCE] Apache Solr 8.11.4 released Houston Putman
[ANNOUNCE] Apache Qpid JMS 2.6.0 released Robbie Gemmell
[ANNOUNCE] Apache Qpid JMS 1.12.0 released Robbie Gemmell
CVE-2024-40761: Apache Answer: Avatar URL leaked user email addresses Enxin Xie
CVE-2024-23454: Apache Hadoop: Temporary File Local Information Disclosure Shilun Fan
[ANNOUNCE] Apache Wicket 10.2.0 released Andrea Del Bene
[ANNOUNCE] Apache Velocity Engine 2.4 released Claude Brisson
[ANNOUNCE] Apache Airflow Providers prepared on September 21, 2024 are released Elad Kalif
CVE-2024-39928: Apache Linkis Spark EngineConn: Commons Lang's RandomStringUtils Random string security vulnerability Heping Wang
[ANNOUNCE] Apache NiFi API 2.0.0 Released David Handermann
[SECURITY] CVE-2024-38286 Apache Tomcat - Denial of Service Mark Thomas
[ANN] Apache OpenJPA 4.0.1 Francesco Chicchiriccò
[ANNOUNCE] Apache StormCrawler (Incubating) 3.1.0 released Richard Zowalla
[ANNOUNCEMENT] HttpComponents Client 5.4 GA Released Oleg Kalnichevski
[ANNOUNCE] Apache YuniKorn v1.6.0 released Wilfred Spiegelenburg
[ANNOUNCE] Apache Answer(Incubating) v1.4.0 available Robin Ren
[ANNOUNCE] Apache Zeppelin 0.11.2 available Jongyoul Lee
[ANNOUNCE] Apache Airflow 2.10.2 Released Ephraim Anierobi
CVE-2024-42323: Apache HertzBeat: RCE by snakeYaml deser load malicious xml Chao Gong
[ANNOUNCE] Apache Qpid protonj2 1.0.0-M22 released Timothy Bish
[ANNOUNCE] Apache NetBeans 23 released Eric Barboni
[ANNOUNCE] Apache Pekko Persistence JDBC 1.1.0 released PJ Fanning
CVE-2024-45537: Apache Druid: Users can provide MySQL JDBC properties not on allow list Karan Kumar
CVE-2024-45384: Apache Druid: Padding oracle in druid-pac4j extension that allows an attacker to manipulate a pac4j session cookie via Padding Oracle Attack Karan Kumar
[ANN] Apache Tomcat 9.0.95 available Rémy Maucherat
[ANN] Apache Tomcat 11.0.0-M26 (beta) available Mark Thomas
[ANNOUNCE] Apache log4net 3.0.0 released Jan Friedrich
[ANNOUNCE] Apache Camel 4.8.0 (LTS) Released Gregor Zurowski
[ANNOUNCE] Apache Pekko (Core) 1.1.1 released Arnout Engelen
[ANN] Apache Tomcat: HTTP/2 regression in 11.0.0-M25, 10.1.29, 9.0.94 Mark Thomas
[ANNOUNCE] Apache Pulsar Node.js client 1.12.0 released Baodi Shi
[ANNOUNCE] Apache Jackrabbit Oak 1.22.21 released Julian Reschke
[ANNOUNCE] Apache Groovy 4.0.23 Released Paul King
[ANNOUNCE] Apache Groovy 5.0.0-alpha-10 Released Paul King
[ANNOUNCEMENT] HttpComponents Core 5.3 GA released Oleg Kalnichevski
[ANNOUNCE] Beam 2.59.0 Released Robert Burke
[ANN] Apache Tomcat 10.1.29 Available Christopher Schultz
CVE-2024-22399: Apache Seata: Remote Code Execution vulnerability via Hessian Deserialization in Apache Seata Server Min Ji
[ANN] Apache Tomcat 9.0.94 available Rémy Maucherat
[ANN] Apache Tomcat 11.0.0-M25 (beta) available Mark Thomas
[ANNOUNCE] Apache Pekko Projections 1.1.0-M1 released PJ Fanning
CVE-2024-45498: Apache Airflow: Command Injection in an example DAG Ephraim Anierobi
[ANNOUNCE] Apache Arrow ADBC 14 released David Li
[ANNOUNCE] Apache Flink CDC 3.2.0 released Qingsheng Ren
[ANNOUNCE] Apache Pekko (Core) 1.1.0 released PJ Fanning
CVE-2024-45507: Apache OFBiz: Prevent use of URLs in files when loading them from Java or Groovy, leading to a RCE Jacques Le Roux
CVE-2024-45195: Apache OFBiz: Confused controller-view authorization logic (forced browsing) Jacques Le Roux
[ANNOUNCE] Apache OFBiz 18.12.16 released Jacopo Cappellato
[ANN] Apache Maven 4.0.0-beta-4 released Tamás Cservenák
[ANNOUNCE] Apache Commons Lang 3.17.0 Gary Gregory
[ANNOUNCE] Apache Ant 1.10.15 released Jaikiran Pai
[ANNOUNCE] Apache Traffic Server 10.0.0 has been released Chris McFarlen
[ANNOUNCE] Apache Parquet release 1.14.2 Fokko Driesprong
[ANNOUNCE] Apache Airflow Providers prepared on August 25, 2024 are released Elad Kalif
[ANNOUNCEMENT] Apache SkyWalking Go 0.5.0 Released han liu
[ANNOUNCE] Apache Sedona 1.6.1 released Jia Yu
CVE-2023-49582: Apache Portable Runtime (APR): Unexpected lax shared memory permissions Eric Covener
[ANNOUNCEMENT] Apache Portable Runtime 1.7.5 Released covener
[ANN] Apache Maven Daemon 1.0.2 released Tamás Cservenák
[ANNOUNCE] Apache Airflow Providers prepared on August 19, 2024 are released Elad Kalif
CVE-2024-41937: Apache Airflow: Stored XSS Vulnerability on provider link Ephraim Anierobi
[ANNOUNCE] Release Apache Iceberg Rust v0.3.0 Xuanwo
CVE-2023-49198: Apache SeaTunnel Web: Arbitrary file read vulnerability Jun Gao
[ANNOUNCE] Apache Commons Statistics Version 1.1 Released Alex Herbert
CVE-2024-22281: Apache Helix Front (UI): Helix front hard-coded secret in the express-session Junkai Xue
[ANNOUNCE] Apache Commons Compress version 1.27.1 Gary Gregory
CVE-2024-43202: Apache DolphinScheduler: Remote Code Execution Vulnerability ShunFeng Cai
[ANNOUNCE] Apache Impala 4.4.1 release Quanlong Huang
[ANNOUNCE] Apache Commons Logging 1.3.4 Gary Gregory
[ANNOUNCE] Apache Jackrabbit 1.68.0 released Julian Reschke
[ANNOUNCE] Released Reactive client for Apache Pulsar, version 0.5.7 Chris Bono
[ANNOUNCE] Apache Airflow 2.10.0 Released Ephraim Anierobi
Apache Kerby 2.1.0 released Colm O hEigeartaigh
[ANNOUNCE] Apache Commons CLI Version 1.9.0 Gary Gregory
[ANNOUNCE] Apache Accumulo 2.1.3 Christopher
[ANNOUNCE] Apache APISIX 3.10.0 has been released Abhishek Choudhary
[ANNOUNCE] Release Apache OpenDAL v0.49.0 Xuanwo
[ANN] Apache Tomcat Connectors 1.2.50 released Mark Thomas
[ANNOUNCE] Apache Camel 4.0.6 (LTS) Release Gregor Zurowski
CVE-2024-41909: Apache MINA SSHD: integrity check bypass Arnout Engelen
[ANNOUNCE] Apache Commons Numbers Version 1.2 Released Alex Herbert
[ANNOUNCE] Apache Spark 3.5.2 released Kent Yao
[ANNOUNCE] Apache Ranger 2.5.0 released Madhan Neethiraj
CVE-2024-30188: Apache DolphinScheduler: Resource File Read And Write Vulnerability ShunFeng Cai
CVE-2024-29831: Apache DolphinScheduler: RCE by arbitrary js execution ShunFeng Cai
[ANNOUNCE] Apache Pulsar Go Client 0.13.1 released Zike Yang
[ANNOUNCE] Apache PDFBox 3.0.3 released Andreas Lehmkühler
[Announcement]: Apache LDAP API 2.1.7 Emmanuel Lecharny
[ANNOUNCE] Apache Commons Compress 1.27.0 Gary Gregory
CVE-2024-41888: Apache Answer: The link for resetting user password is not Single-Use Enxin Xie
CVE-2024-41890: Apache Answer: The link to reset the user's password will remain valid after sending a new link Enxin Xie
[ANNOUNCE] Beam 2.58.0 Released Jack McCluskey
[ANN] Apache ActiveMQ Classic 6.1.3 has been released! Jean-Baptiste Onofré
[ANNOUNCE] Apache Commons Lang Version 3.16.0 Gary Gregory
[ANNOUNCE] Apache Pulsar C# Client DotPulsar 3.2.2 released David Jensen
[ANNOUNCE] Apache Airflow Providers prepared on August 03, 2024 are released Elad Kalif
[ANN] Apache Tomcat 10.1.28 Available Christopher Schultz
CVE-2024-42062: Apache CloudStack: User Key Exposure to Domain Admins Rohit Yadav
CVE-2024-42222: Apache CloudStack: Unauthorised Network List Access Rohit Yadav
[ANNOUCE] Apache CloudStack LTS Security Releases 4.18.2.3 and 4.19.1.1 Nicolas Vazquez
[ANN] Apache Tomcat 11.0.0-M24 (beta) available Mark Thomas
[ANNOUNCE] Apache Pulsar Helm Chart version 3.5.0 Released Lari Hotari
[ANN] Apache Tomcat 9.0.93 available Rémy Maucherat
CVE-2024-36448: Apache IoTDB Workbench: SSRF Vulnerability (EOL) Haonan Hou
[ANNOUNCE] Apache Answer(Incubating) v1.3.6 available Kumfo Yang
CVE-2024-42447: Apache Airflow Providers FAB: FAB provider 1.2.1 and 1.2.0 did not let user to logout for Airflow Jarek Potiuk
CVE-2024-38856: Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code Jacques Le Roux
[ANNOUNCE] Apache OFBiz 18.12.15 released Jacopo Cappellato
CVE-2024-36268: Apache InLong TubeMQ Client: Remote Code Execution vulnerability Charles Zhang
[ANNOUNCE] Apache Pulsar 3.3.1 released Lari Hotari

Earlier messages